<?php
class Login
{
    private $username;
    private $password;
    private $loginok = false;
    private $blocked = false;

    function __construct($username, $password) {
        $this->username = $this->check_username($username);
        $this->password = $this->check_password($password);
        return $this->login();
    }

    public function login() {
       if(!$this->check_default())
       {
           if(allow_db_users && strlen($this->username) <= max_username_length && strlen($this->password) <= max_password_length)
           {
               if(username_case)
                   $user_case = 'binary';
               if(password_case)
                   $pass_case = 'binary';
               
               if(pass_encrypt_onlogin && !password_allow_normal && strlen($this->password) != 40)
               {
                   $ps_pass = new PreparedStatement("UPDATE beheerders SET password = ? WHERE $user_case username = ? && $pass_case password = ?;");
                   $ps_pass->setString(sha1($this->password));
                   $ps_pass->setString($this->username);
                   $ps_pass->setString($this->password);
                   $ps_pass->execute();
                   unset($ps_pass);
               }
               
               $ps = new PreparedStatement("SELECT * FROM beheerders WHERE $user_case username = ? && ($pass_case password = ? || password = ?);");
               $ps->setString($this->username);
               if(password_allow_normal)
               {
                   $ps->setString($this->password);
               }
               else
               {
                   $ps->setString("");
               }
               if(password_allow_encrypt)
               {
                   $ps->setString(sha1($this->password));
               }
               else
               {
                   $ps->setString("");
               }
               $q = $ps->execute();
               unset($ps);
               $row = mysql_fetch_array($q);
               if(mysql_num_rows($q) == 1)
               {
                    $this->loginok = true;
               }
           }
       }
       else
           $this->loginok = true;
    }

    public function get_blocked() {
        return $this->blocked;
    }

    public function check_loggedin() {
        return $this->loginok;
    }

    public function get_username() {
        return $this->username;
    }

    private function check_username($input) {
        return addslashes($input);
    }

    private function check_password($input) {
        return addslashes($input);
    }

    private function check_default() {
        $ips = explode(",", admin_ips);
        $cur_ip = $_SERVER['REMOTE_ADDR'];
        if(trim(admin_username) != '' && addslashes(trim($this->username)) == trim(admin_username) && addslashes(trim($this->password)) == trim(admin_password))
        {
            if(trim(admin_ips) == '')
                return true;
            foreach($ips AS $ip)
            {
                $ip = trim($ip);
                if($cur_ip == $ip)
                return true;
            }
            return false;
        }
        else
            return false;
    }
}
?>